REMARKS

Reconsideration of the application in view of the above amendments and the 
following remarks is respectfully requested. Claims 1-27, 30-31, 42-43, and 53-54 have been 
canceled. Claims 28-29, 40-41, and 52 have been amended. New claims 55-60 have been 
added. Claims 28-29, 32-41, and 44-60 are currently pending in the application. 

ADVISORY ACTION 

In the Advisory Action, the Examiner indicated that the amendments submitted in the 
response-after-final filed on January 28, 2008, will be entered and made of record. 
Applicants thank the Examiner for her cooperation. 

The Examiner also acknowledged that the amendments and remarks in the
response-after-final overcame the rejection of claims 52 and 54 under 35 U.S.C. §101, and the
rejection of claims 28-54 under 35 U.S.C. §112. Applicants thank the Examiner for this
acknowledgement. In light of the Examiner's statements in the Advisory Action, it appears 
that the only remaining rejections are the rejection of claims 40-41 and 44-51 under 35 
U.S.C. §101, and the rejection of claims 28-54 under 35 U.S.C. § 103(a). These rejections 
will be addressed below. 

CLAIM REJECTION UNDER 35 U.S.C. §101 

In the Final Office Action and in the Advisory Action, the Examiner rejected claims 
40-41 and 44-51 under 35 U.S.C. §101 as being directed to non-statutory subject matter. 
Specifically, the Examiner contended that the term "machine-readable medium", as defined
in the Specification, includes transmission media, which can take the form of light, acoustic,
or carrier waves. Since such waves, in the Examiner's opinion, are non-statutory, the
Examiner concluded that claims 40-41 and 44-51 are directed to non-statutory subject matter. 
This rejection is respectfully traversed. 

Applicants would like to point out that, as they stand, claims 40-41 and 44-51 do not 
recite a "machine-readable medium" but rather a "machine-readable storage medium". It is 
well known that waves are transitory, and hence are incapable of storing anything (e.g. 
instructions, as recited in claims 40-41 and 44-51). Therefore, waves do not qualify as 
storage media. Since claims 40-41 and 44-51 specifically recite a "machine-readable storage 
medium", these claims do not encompass waves. This in turn means that claims 40-41 and 
44-51 do not encompass any non-statutory subject matter. Accordingly, Applicants 
respectfully submit that claims 40-41 and 44-51 are directed to statutory subject matter, and 
hence, request that this rejection be withdrawn. 

CLAIM REJECTION UNDER 35 U.S.C. §103

In the Final Office Action and in the Advisory Action, the Examiner rejected claims
28-54 under 35 U.S.C. § 103(a) as being unpatentable over Schaefer (U.S. Publication No.
2002/0174215 A1) in view of Susser et al. (International Publication No. WO 00/45262).
Claims 30-31, 42-43, and 53-54 have been canceled. Independent claims 28, 40, and 52 have
been amended to clarify the subject matter that is being claimed.

Claim 28

Claim 28 has been amended, and as amended, now recites:

A machine-implemented method, comprising:

establishing, within a global operating system environment provided by an operating
system (OS) kernel, a first non-global zone which serves as a first virtual 
platform for supporting and isolating user processes, wherein the first non- 
global zone is a separate and distinct OS partition of the global operating 
system environment having a first zone identifier associated therewith, and 
wherein the first non-global zone is established and exists without requiring 
any user processes to be running therein; 

establishing, within the global operating system environment, a second non-global 
zone which serves as a second virtual platform for supporting and isolating 
user processes, wherein the second non-global zone is a separate and distinct 
OS partition of the global operating system environment having a second zone 
identifier associated therewith, and wherein the second non-global zone is 
established and exists without requiring any user processes to be running 
therein; 

executing a first set of one or more user processes within the first non-global zone; 
executing a second set of one or more user processes within the second non-global 
zone; and 

isolating the first set of one or more user processes within the first non-global zone
and the second set of one or more user processes within the second non-global
zone such that the first set of one or more user processes cannot access
processes in the second non-global zone and the second set of one or more
user processes cannot access processes in the first non-global zone;

wherein the first and second non-global zones are established by the OS kernel, and
wherein the OS kernel enforces zone boundaries to isolate the first set of one
or more user processes within the first non-global zone and the second set of
one or more user processes within the second non-global zone. (Emphasis
added)

Claim 28 has been amended to make it clear that: (1) the first and second non-global 
zones are separate and distinct OS partitions of the global operating environment provided by 
the OS kernel; (2) the first and second non-global zones are established by the OS kernel; and
(3) it is the OS kernel that enforces zone boundaries to isolate processes executing within a 
non-global zone to that non-global zone. These amendments are amply supported by the 
Specification (see e.g. paragraphs 0038, 0042, 0044, 0045, Figs. 1 and 2, etc.). At least these 
aspects of claim 28 are not disclosed or suggested by Schaefer and Susser, taken individually 
or in combination. 

First of all, it should be noted that neither reference discloses or suggests establishing
non-global zones that are separate and distinct OS partitions of a global operating system 
environment provided by an OS kernel. In Schaefer, the virtual environments (interpreted by 
the Examiner to be the non-global zones recited in claim 28) established by the OS Guard 
100 (see Fig. 1) are "pseudo installation" environments that appear to a running application 
to be an installation environment even though no installation has been performed (see 
paragraph 14). Although these virtual environments exist in an operating system 
environment provided by the operating system 10, they are in no way separate and distinct 
OS partitions of that operating system environment. There is nothing in Schaefer that 
discloses or suggests that the virtual environments are separate and distinct OS partitions.

The same is true for Susser. In Susser, the execution contexts 760, 770, 780 
(interpreted by the Examiner to be the non-global zones recited in claim 28) provide contexts 
within which applications may be executed. While these contexts may exist in an operating 
system environment provided by the operating system 760, they are in no way separate and 
distinct OS partitions of that operating system environment. There is nothing in Schaefer 
that discloses or suggests that the execution contexts are separate and distinct OS partitions.
Thus, neither Schaefer nor Susser teaches or suggests this aspect of claim 28.

Another point to note is that in neither reference is it disclosed or suggested that the
non-global zones are established by an OS kernel. To the contrary, in Schaefer, it is made
abundantly clear that the virtual environments are not established by the operating system 10
but rather by the OS guard 100, which is a layer that executes on top of the operating system
10 (see Fig. 1). In paragraph 0013, Schaefer states:

As used herein the term "Operating System Guard" defines a layer 
between a running application and the operating system of a target 
computer or client computer that provides a virtual environment in
which an application may run. (Emphasis added) 

In paragraph 0004, Schaefer further states: 

The present invention provides a system for creating an application 
software environment without changing an operating system of a client 
computer, the system comprising an operating system abstraction and 
protection layer, wherein said abstraction and protection layer is 
interposed between a running software application and said operating 
system, whereby a virtual environment in which an application may run
is provided and application level interactions are substantially removed. 
(Emphasis added) 

From these excerpts, it is abundantly clear that, in Schaefer, it is the OS guard 100, 
not the operating system 10, that establishes the virtual environments that the Examiner is 
interpreting to be the non-global zones of claim 28. From Schaefer's disclosure, it does not 
appear that the operating system 10 is even aware of the virtual environments. There 
certainly is no teaching or suggestion that the virtual environments are established by the 
operating system 10. Thus, Schaefer fails to disclose or suggest this aspect of claim 28. 

Susser suffers from the same shortcoming. In Susser, it is not the operating system
760 (Fig. 7), but rather, the virtual machine 720, and more specifically, the runtime system
740 within the virtual machine, that establishes the contexts that the Examiner is interpreting
to be the non-global zones of claim 28. In Fig. 7, Susser explicitly shows that the virtual
machine 720 is implemented over the operating system 760, and under the contexts 760, 770,
780; hence, the virtual machine 720 is interposed between the operating system 760 and the
contexts. In Fig. 7, it is also shown that the virtual machine 720 includes a runtime system
740. On page 11, lines 11-15, Susser states:

The runtime system includes object system 750 for managing the objects 
of an object oriented implementation. Three contexts, 760, 770, and 
780, are shown. Each context is separated from the other by a context 
barrier (sometimes referred to as a firewall) between the execution
contexts. 

On page 11, lines 21-31, Susser further states: 

The runtime system 740 provides a means for uniquely identifying 
contexts, and a means for specifying and identifying the currently
executing context. . . . For example, the runtime 740 can identify 
contexts with a unique name. ... Alternatively, the runtime system 740 
can identify contexts by dividing the memory space into separate 
regions, each for a particular context. ... (Emphasis added) 

From these excerpts, it is clear that in Susser it is the runtime system 740, not the 
operating system 760, that identifies the contexts (i.e. gives the contexts their identities), and 
manages the contexts. Since the runtime system 740 identifies and manages the contexts, 
and since the virtual machine 720 and the runtime system 740 are interposed between the 
operating system 760 and the contexts, it is logical to conclude that it is the runtime system 
740, not the operating system 760, that establishes the contexts (Susser does not explicitly 
state that the contexts are established by the runtime system; however, given the overall 
disclosure of Susser, it is relatively clear that this is the case). One point is clear: there is 
absolutely nothing in Susser that discloses or suggests that it is the operating system 760 that 
establishes the contexts. In fact, it does not appear that the operating system 760 of Susser is 
even aware of the different contexts. Because Susser fails to disclose or suggest that the 
contexts are established by the operating system 760, Susser does not teach or suggest the 
aspect of claim 28 in which the non-global zones are established by the OS kernel. 

Yet another point to note is that in neither reference is it disclosed or suggested that 
the zone boundaries are enforced by an OS kernel. To the contrary, Schaefer clearly states in
paragraph 0012: 

An operating system abstraction and protection layer 100 will provide an
additional, programmatically controlled barrier between applications 50
to remove most application level interactions. (Emphasis added)

From this excerpt, it is clear that in Schaefer, it is the abstraction and protection layer 
(i.e. the OS guard 100) that enforces the boundaries between different virtual environments. 
It is not the operating system 10 that enforces the virtual environment boundaries, and there 
is no teaching or suggestion in Susser that the operating system 10 be used to enforce the 
virtual environment boundaries. Thus, this aspect of claim 28 is clearly not disclosed or 
suggested by Schaefer. 

The same is true for Susser. On page 5, lines 28-30, Susser states: 

In accordance with one exemplary embodiment, an enhanced Java 
Virtual Machine (VM) provides certain run-time checks of attempted 
access across execution contexts in the VM. (Emphasis added) 

On page 15, lines 11-13, Susser further states: 

In particular, consistently (sic) with the invention, the virtual machine 
provides functionality to implement or to facilitate a security 
enforcement process that permits access across a firewall. (Emphasis
added) 

From these excerpts, it is clear that, in Susser, it is the virtual machine 720 that 
enforces the boundaries between contexts. There is nothing in Susser that discloses or 
suggests having the operating system 760 perform the boundary enforcement function. Thus, 
this aspect of claim 28 is clearly not disclosed or suggested by Susser. 

As argued above, both Schaefer and Susser fail to disclose or suggest several of the 
same aspects of claim 28. That being the case, even if the references were combined 
(assuming for the sake of argument that it would have been obvious to combine the 
references), the combination still would not yield the invention as claimed in claim 28. 

Therefore, Applicants respectfully submit that claim 28 is patentable over Schaefer and
Susser, taken individually or in combination. 

Applicants further submit that claims 29 and 32-39, which depend from claim 28, and 
which recite further advantageous aspects of the invention, are likewise patentable over 
Schaefer and Susser for at least the reasons given above in connection with claim 28. 

Claim 40 

Claim 40 is a machine-readable storage medium counterpart of method claim 28. 
Applicants submit that claim 40 is patentable over Schaefer and Susser for at least the 
reasons given above in connection with claim 28. 

Applicants further submit that claims 41 and 44-51, which depend from claim 40, and
which recite further advantageous aspects of the invention, are likewise patentable over 
Schaefer and Susser for at least the reasons given above in connection with claim 40. 

Claim 52 

Claim 52 is an apparatus counterpart of method claim 28. Applicants submit that 
claim 52 is patentable over Schaefer and Susser for at least the reasons given above in 
connection with claim 28. 

NEW CLAIMS 

New claims 55-60 have been added to claim the invention with the breadth and scope 
to which Applicants believe they are entitled. Applicants submit that claims 55-60 are 
patentable over the art of record. 

CONCLUSION

For the foregoing reasons, Applicants submit that all of the pending claims are 
patentable over the art of record, including any art cited but not applied. Accordingly, 
Applicants respectfully request that this response be entered and made of record, and that a 
notice of allowance be issued. 

The Examiner is invited to telephone the undersigned attorney to discuss any issues 
that may advance prosecution. 

To the extent necessary to make this reply timely, Applicants petition for an extension 
of time under 37 C.F.R. §1.136. 

If any applicable fee is missing or insufficient, throughout the pendency of this 
application, the Commissioner is hereby authorized to apply any applicable fees and to credit 
any overpayments to our Deposit Account No. 50-1302. 

Respectfully submitted, 

HICKMAN PALERMO TRUONG & BECKER LLP 

Date: February 28, 2008 /BobbyKTruong#37499/

Bobby K. Truong
Reg. No. 37,499

2055 Gateway Place, Suite 550
San Jose, California 95110-1089
Telephone: (408)414-1234
Facsimile: (408)414-1076